BBC
FBI Director Kash Patel's email account has been compromised by a group linked to Iran, leading to the publication of his private emails and photographs online. The FBI has confirmed this incident.
The hacking group, referred to as the Handala Hack Team, has displayed Patel's alleged resume and images on its website, proclaiming, "This is just our beginning." They further emphasized their point by questioning the security of lower-level employees, remarking, "If your director can be compromised this easily, what do you expect from your lower-level employees?" The FBI has clarified that the information accessed is "historical in nature and involves no government information."
This breach is not the first instance of Iranian-backed hackers targeting Patel. He previously faced an attack in 2024, just weeks prior to his appointment as FBI Director.
Images that Handala claims to have extracted from Patel's account have appeared on social media, embellished with the group's logo as a watermark. These images depict Patel in various undisclosed locations, including posing beside a vintage convertible, smiling next to a jet, enjoying cigars, taking a selfie near a bottle of liquor, and dining in what seem to be restaurants and hotels.
The BBC has not conducted independent verification of the leaked materials.
In its announcement of the breach, Handala asserted that the "so-called 'impenetrable' systems of the FBI were brought to their knees within hours by our team." They questioned the credibility of the US government’s security assurances, stating, "This is the security that the US government boasts about?! This is the cyber giant that thinks threats and bribes can silence the voice of resistance?!"
In response to the incident, the FBI is offering up to $10 million (£7.5 million) for information that leads to the identification of Handala group members.
Recently, the US Department of Justice seized multiple domain names associated with Handala, alleging they were implicated in hacking schemes connected to the Islamic Republic of Iran. The department reported that Iran's Ministry of Intelligence and Security (MOIS) utilized the Handala websites to disseminate "terrorist propaganda," orchestrate "attempted psychological operations targeting adversaries of the regime," claim responsibility for hacking incidents, and incite violence against journalists and dissidents.
Handala claimed that its breach of Patel's email account was an act of retaliation against the FBI's seizure of its websites and the offer of a $10 million reward for information related to similar cyberattacks.
Earlier in March, the Handala group also took credit for a cyberattack on the US medical technology company Stryker. This attack involved the defacement of the company's employee login, which included a message asserting that data had been erased in a 'wiper' attack orchestrated by the Iran-backed hacktivists.
At that time, Handala announced via their now-suspended account on X that they had erased "over 200,000 systems, servers, and mobile devices" and secured "50 terabytes of critical data" during the Stryker incident. The group characterized the Stryker cyberattack as "retaliation for the brutal attack" on an Iranian girls' school at the beginning of the war, which resulted in more than 160 fatalities, and as "a response to ongoing cyber assaults against the infrastructure" of Iran and its allies.